Security Vulnerabilities
Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware upgrade feature. The issue results from the lack of an anti-downgrade mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the device. Was ZDI-CAN-26299.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-07-30
An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. An app may be able to access sensitive user data.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-07-30
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may gain unauthorized access to Local Network.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-30
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-07-30
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-07-30
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-07-30
A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-07-30
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted audio file may lead to memory corruption.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-30
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-30
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-30